Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1e00bbc0 by Thorsten Alteholz at 2018-06-30T17:30:15+02:00
follow security team with no-dsa for CVE-2018-8036

- - - - -
a7a70eab by Thorsten Alteholz at 2018-06-30T17:30:15+02:00
typo

- - - - -
dbcd90b9 by Thorsten Alteholz at 2018-06-30T17:30:15+02:00
add sssd

- - - - -
f4f667d4 by Thorsten Alteholz at 2018-06-30T17:30:15+02:00
add symfony

- - - - -
e0a92437 by Thorsten Alteholz at 2018-06-30T17:30:16+02:00
set same status as in Wheezy for CVE-2018-1000119

- - - - -


3 changed files:

- data/CVE/list
- data/dla-needed.txt
- data/packages/lts-do-not-call


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -12555,6 +12555,7 @@ CVE-2018-8036
        RESERVED
        - libpdfbox-java <unfixed> (low)
        [stretch] - libpdfbox-java <no-dsa> (Minor issue)
+       [jessie] - libpdfbox-java <no-dsa> (Minor issue)
        NOTE: http://www.openwall.com/lists/oss-security/2018/06/29/2
 CVE-2018-8035
        RESERVED
@@ -13615,6 +13616,7 @@ CVE-2018-7651 (index.js in the ssri module before 5.2.2 
for Node.js is prone to 
        NOTE: nodejs not covered by security support
 CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and 
earlier ...)
        - ruby-rack-protection <unfixed> (bug #892250)
+       [jessie] - ruby-rack-protection <ignored> (Low prio package and low 
prio vulnerability according to RedHat)
        [wheezy] - ruby-rack-protection <ignored> (Low prio package and low 
prio vulnerability according to RedHat)
        NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
        NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
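
Review bot: The reason on the added [jessie] line for ruby-rack-protection attributes the low priority to RedHat, but the NOTE lines visible under CVE-2018-1000119 in this hunk link only to snyk.io. Add a NOTE with the URL of the Red Hat assessment so the <ignored> status can be re-checked later; the same applies to the existing [wheezy] line whose wording was copied.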


=====================================
data/dla-needed.txt
=====================================
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -97,6 +97,12 @@ ruby2.1 (Santiago)
 slurm-llnl (Thorsten Alteholz)
   NOTE: CVE-2018-7033 fixed in wheezy.
 --
+sssd
+  NOTE: 20180630: no fix available, so no email sent to maintainer yet
+--
+symfony
+  NOTE: 20180630: email sent to maintainer, please wait some time before 
working on this package
+--
 thunderbird (Emilio Pozuelo)
 --
 tiff (Markus Koschany)
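
Review bot: The new sssd and symfony entries do not say which CVE they were added for, unlike the slurm-llnl entry just above, whose NOTE names CVE-2018-7033. Add the CVE id to each NOTE so whoever claims the package knows what to triage. For sssd, "no fix available, so no email sent to maintainer yet" also leaves it unclear whether the package can be claimed now or should wait; state the next step.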


=====================================
data/packages/lts-do-not-call
=====================================
--- a/data/packages/lts-do-not-call
+++ b/data/packages/lts-do-not-call
@@ -22,7 +22,7 @@ mercurial 
https://lists.debian.org/debian-lts/2017/12/msg00058.html
 nspr https://lists.debian.org/debian-lts/2016/09/msg00192.html
 nss https://lists.debian.org/debian-lts/2016/09/msg00192.html
 opencv no answer to https://lists.debian.org/debian-lts/2017/09/msg00028.html, 
all LTS uploads by LTS team
-openjpeg (private conversation, Mathieu would review patches)
+openjpeg2 (private conversation, Mathieu would review patches)
 openssh no answer to 
https://lists.debian.org/debian-lts/2016/08/msg00102.html, all LTS uploads by 
LTS team
 php5 (once upon a time during Squeeze LTS)
 poppler no answer to 
https://lists.debian.org/debian-lts/2016/04/msg00128.html, all LTS uploads by 
LTS team
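
Review bot: The changed line replaces openjpeg with openjpeg2 instead of adding a second entry, so the old source package name is no longer listed in lts-do-not-call; confirm that no supported suite still ships a source package named openjpeg, otherwise keep both lines. The reason "(private conversation, Mathieu would review patches)" also carries no list URL, unlike the neighbouring entries, so it cannot be verified from the file.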



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/f29483da6a8b43dee56e02e57c87e94990990a99...e0a92437061b23ede30f8205328acf3fbdb03ec5

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits